O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.
MOBILE Workshop Mobile Development Fabio Lalli CEO IQUII ! 26 Giugno 2014 Fabio CIOTOLI CTO IQUII
WELCOME
 #OPENIQUII
MERCATO Sviluppo security
mercato
Da dove iniziare?
framework o nativo?
che tipo di app?
Librerie
mobile security
DEVICE
NETWORK
DATA
15Tips & tricks
dati •Non memorizzare dati sensibili •Master key cifrata con pass-phrase dell’utente •Algorimo robusto, es. PBKDF2 con mol...
caching • Log • Crash • Cookies 2
parametri ! • Query String in log e cronologie • Utilizzare POST con CSFR Protection • Se necessario negoziare una chiave ...
ssl/tls • Man-in-the-middle attack possibile • Trusted root CA 4
Unique Identifier • Offuscare gli ID • Token con mapping server- side • RAM Attack sul backend 5
anti reverse • Utilizzare offuscatori • Objective C è riflessivo • Runtime attack 6
logica semplice • if (proUser == 1) • Con debug a basso livello (assembly) è facile intercettare i CBZ (compare-and- branc...
keyboard cache • Su iOS e Android vengono loggate le parole digitate • Disabilitare la correzione automatica sui TextField...
snapshot • Per fornire animazione più fluide iOS esegue snapshot • Gestire il background dell’app 9
broadcast intent • Evitare ove possibile il broadcast intent • Anche specificando permessi, qualsiasi app potrebbe impleme...
keychain • Il keychain è memorizzato in maniera cifrata nel backup itunes • È possibile decifrarlo • Impedisce il cambio d...
webview • Disabilitare javascript e plugin • Disabilitare accesso ai file locali • Prevenire il caricamento di contenuti d...
ram • Non mantenere informazioni in RAM • Variabili null appena possibile 13
Delete file • File.delete() non sicuro • Sovrascrivere i file non funziona nel mobile • Assumere che ogni file può essere ...
in-app Purchases • Verificare ricevute tramite server • Non embeddare contenuti 15
Terrorizzati?
Prossimi eventi 23 Aprile – Mobile Marketing // Fabio Lalli – Fabio Ciotoli
 22 Maggio – Social Media Marketing // Tommaso...
NETWORKING time
[#openIQUII - Workshop] Mobile Development e Mobile Security
Próximos SlideShares
Carregando em…5
×

[#openIQUII - Workshop] Mobile Development e Mobile Security

1.246 visualizações

Publicada em

Le applicazioni mobile oggi costituiscono lo strumento privilegiato per connettere gli utenti con i servizi e piattaforme online.

Le aziende ne sono consapevoli, e investono cifre sempre maggiori nella creazione di strumenti in grado di favorire l’esperienza dei loro clienti e acquisirne di nuovi, in un’ottica di presidio multicanale di mercati sempre più complessi.

Lo sviluppo di applicazioni mobile si configura come una leva strategica per i mercati, ma anche come una robusta opportunità professionale per tutti i programmatori che intendono affacciarsi sul mondo del mobile development.

Il terzo incontro #OpenIQUII sarà dedicato proprio al mobile development: Fabio Lalli e Fabio Ciotoli, CEO e CTO di IQUII, spiegheranno in che modo è possibile sviluppare applicazioni per iOS e Android, e quali sono i differenti approcci che il programmatore deve tenere in considerazione per progettare, sviluppare e inserire negli store le applicazioni.
Questi i temi trattati:

- Framework di sviluppo non nativi;
- Metodologie per la progettazione e lo sviluppo di un’applicazione;
- Analisi della sicurezza delle informazioni di un’applicazione;
- Tecniche e strumenti per accelerare lo sviluppo di un’applicazione.

Publicada em: Celular
Licença: CC Attribution-NonCommercial License
no profile picture user
  • DOWNLOAD THE BOOK INTO AVAILABLE FORMAT (New Update) ......................................................................................................................... ......................................................................................................................... Download Full PDF EBOOK here { https://urlzs.com/UABbn } ......................................................................................................................... Download Full EPUB Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download Full doc Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download PDF EBOOK here { https://urlzs.com/UABbn } ......................................................................................................................... Download EPUB Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download doc Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... ......................................................................................................................... ................................................................................................................................... eBook is an electronic version of a traditional print book THE can be read by using a personal computer or by using an eBook reader. (An eBook reader can be a software application for use on a computer such as Microsoft's free Reader application, or a book-sized computer THE is used solely as a reading device such as Nuvomedia's Rocket eBook.) Users can purchase an eBook on diskette or CD, but the most popular method of getting an eBook is to purchase a downloadable file of the eBook (or other reading material) from a Web site (such as Barnes and Noble) to be read from the user's computer or reading device. Generally, an eBook can be downloaded in five minutes or less ......................................................................................................................... .............. Browse by Genre Available eBOOK .............................................................................................................................. Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, CookBOOK, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult, Crime, EBOOK, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, ......................................................................................................................... ......................................................................................................................... .....BEST SELLER FOR EBOOK RECOMMEND............................................................. ......................................................................................................................... Blowout: Corrupted Democracy, Rogue State Russia, and the Richest, Most Destructive Industry on Earth,-- The Ride of a Lifetime: Lessons Learned from 15 Years as CEO of the Walt Disney Company,-- Call Sign Chaos: Learning to Lead,-- StrengthsFinder 2.0,-- Stillness Is the Key,-- She Said: Breaking the Sexual Harassment Story THE Helped Ignite a Movement,-- Atomic Habits: An Easy & Proven Way to Build Good Habits & Break Bad Ones,-- Everything Is Figureoutable,-- What It Takes: Lessons in the Pursuit of Excellence,-- Rich Dad Poor Dad: What the Rich Teach Their Kids About Money THE the Poor and Middle Class Do Not!,-- The Total Money Makeover: Classic Edition: A Proven Plan for Financial Fitness,-- Shut Up and Listen!: Hard Business Truths THE Will Help You Succeed, ......................................................................................................................... .........................................................................................................................
       Responder 
    Tem certeza que deseja  Sim  Não
    Insira sua mensagem aqui
  • DOWNLOAD THE BOOK INTO AVAILABLE FORMAT (New Update) ......................................................................................................................... ......................................................................................................................... Download Full PDF EBOOK here { https://urlzs.com/UABbn } ......................................................................................................................... Download Full EPUB Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download Full doc Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download PDF EBOOK here { https://urlzs.com/UABbn } ......................................................................................................................... Download EPUB Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download doc Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... ......................................................................................................................... ................................................................................................................................... eBook is an electronic version of a traditional print book THE can be read by using a personal computer or by using an eBook reader. (An eBook reader can be a software application for use on a computer such as Microsoft's free Reader application, or a book-sized computer THE is used solely as a reading device such as Nuvomedia's Rocket eBook.) Users can purchase an eBook on diskette or CD, but the most popular method of getting an eBook is to purchase a downloadable file of the eBook (or other reading material) from a Web site (such as Barnes and Noble) to be read from the user's computer or reading device. Generally, an eBook can be downloaded in five minutes or less ......................................................................................................................... .............. Browse by Genre Available eBOOK .............................................................................................................................. Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, CookBOOK, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult, Crime, EBOOK, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, ......................................................................................................................... ......................................................................................................................... .....BEST SELLER FOR EBOOK RECOMMEND............................................................. ......................................................................................................................... Blowout: Corrupted Democracy, Rogue State Russia, and the Richest, Most Destructive Industry on Earth,-- The Ride of a Lifetime: Lessons Learned from 15 Years as CEO of the Walt Disney Company,-- Call Sign Chaos: Learning to Lead,-- StrengthsFinder 2.0,-- Stillness Is the Key,-- She Said: Breaking the Sexual Harassment Story THE Helped Ignite a Movement,-- Atomic Habits: An Easy & Proven Way to Build Good Habits & Break Bad Ones,-- Everything Is Figureoutable,-- What It Takes: Lessons in the Pursuit of Excellence,-- Rich Dad Poor Dad: What the Rich Teach Their Kids About Money THE the Poor and Middle Class Do Not!,-- The Total Money Makeover: Classic Edition: A Proven Plan for Financial Fitness,-- Shut Up and Listen!: Hard Business Truths THE Will Help You Succeed, ......................................................................................................................... .........................................................................................................................
       Responder 
    Tem certeza que deseja  Sim  Não
    Insira sua mensagem aqui
  • DOWNLOAD THE BOOK INTO AVAILABLE FORMAT (New Update) ......................................................................................................................... ......................................................................................................................... Download Full PDF EBOOK here { https://urlzs.com/UABbn } ......................................................................................................................... Download Full EPUB Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download Full doc Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download PDF EBOOK here { https://urlzs.com/UABbn } ......................................................................................................................... Download EPUB Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download doc Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... ......................................................................................................................... ................................................................................................................................... eBook is an electronic version of a traditional print book THE can be read by using a personal computer or by using an eBook reader. (An eBook reader can be a software application for use on a computer such as Microsoft's free Reader application, or a book-sized computer THE is used solely as a reading device such as Nuvomedia's Rocket eBook.) Users can purchase an eBook on diskette or CD, but the most popular method of getting an eBook is to purchase a downloadable file of the eBook (or other reading material) from a Web site (such as Barnes and Noble) to be read from the user's computer or reading device. Generally, an eBook can be downloaded in five minutes or less ......................................................................................................................... .............. Browse by Genre Available eBOOK .............................................................................................................................. Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, CookBOOK, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult, Crime, EBOOK, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, ......................................................................................................................... ......................................................................................................................... .....BEST SELLER FOR EBOOK RECOMMEND............................................................. ......................................................................................................................... Blowout: Corrupted Democracy, Rogue State Russia, and the Richest, Most Destructive Industry on Earth,-- The Ride of a Lifetime: Lessons Learned from 15 Years as CEO of the Walt Disney Company,-- Call Sign Chaos: Learning to Lead,-- StrengthsFinder 2.0,-- Stillness Is the Key,-- She Said: Breaking the Sexual Harassment Story THE Helped Ignite a Movement,-- Atomic Habits: An Easy & Proven Way to Build Good Habits & Break Bad Ones,-- Everything Is Figureoutable,-- What It Takes: Lessons in the Pursuit of Excellence,-- Rich Dad Poor Dad: What the Rich Teach Their Kids About Money THE the Poor and Middle Class Do Not!,-- The Total Money Makeover: Classic Edition: A Proven Plan for Financial Fitness,-- Shut Up and Listen!: Hard Business Truths THE Will Help You Succeed, ......................................................................................................................... .........................................................................................................................
       Responder 
    Tem certeza que deseja  Sim  Não
    Insira sua mensagem aqui
  • DOWNLOAD THE BOOK INTO AVAILABLE FORMAT (New Update) ......................................................................................................................... ......................................................................................................................... Download Full PDF EBOOK here { https://urlzs.com/UABbn } ......................................................................................................................... Download Full EPUB Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download Full doc Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download PDF EBOOK here { https://urlzs.com/UABbn } ......................................................................................................................... Download EPUB Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download doc Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... ......................................................................................................................... ................................................................................................................................... eBook is an electronic version of a traditional print book THE can be read by using a personal computer or by using an eBook reader. (An eBook reader can be a software application for use on a computer such as Microsoft's free Reader application, or a book-sized computer THE is used solely as a reading device such as Nuvomedia's Rocket eBook.) Users can purchase an eBook on diskette or CD, but the most popular method of getting an eBook is to purchase a downloadable file of the eBook (or other reading material) from a Web site (such as Barnes and Noble) to be read from the user's computer or reading device. Generally, an eBook can be downloaded in five minutes or less ......................................................................................................................... .............. Browse by Genre Available eBOOK .............................................................................................................................. Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, CookBOOK, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult, Crime, EBOOK, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, ......................................................................................................................... ......................................................................................................................... .....BEST SELLER FOR EBOOK RECOMMEND............................................................. ......................................................................................................................... Blowout: Corrupted Democracy, Rogue State Russia, and the Richest, Most Destructive Industry on Earth,-- The Ride of a Lifetime: Lessons Learned from 15 Years as CEO of the Walt Disney Company,-- Call Sign Chaos: Learning to Lead,-- StrengthsFinder 2.0,-- Stillness Is the Key,-- She Said: Breaking the Sexual Harassment Story THE Helped Ignite a Movement,-- Atomic Habits: An Easy & Proven Way to Build Good Habits & Break Bad Ones,-- Everything Is Figureoutable,-- What It Takes: Lessons in the Pursuit of Excellence,-- Rich Dad Poor Dad: What the Rich Teach Their Kids About Money THE the Poor and Middle Class Do Not!,-- The Total Money Makeover: Classic Edition: A Proven Plan for Financial Fitness,-- Shut Up and Listen!: Hard Business Truths THE Will Help You Succeed, ......................................................................................................................... .........................................................................................................................
       Responder 
    Tem certeza que deseja  Sim  Não
    Insira sua mensagem aqui
  • DOWNLOAD THE BOOK INTO AVAILABLE FORMAT (New Update) ......................................................................................................................... ......................................................................................................................... Download Full PDF EBOOK here { https://urlzs.com/UABbn } ......................................................................................................................... Download Full EPUB Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download Full doc Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download PDF EBOOK here { https://urlzs.com/UABbn } ......................................................................................................................... Download EPUB Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download doc Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... ......................................................................................................................... ................................................................................................................................... eBook is an electronic version of a traditional print book THE can be read by using a personal computer or by using an eBook reader. (An eBook reader can be a software application for use on a computer such as Microsoft's free Reader application, or a book-sized computer THE is used solely as a reading device such as Nuvomedia's Rocket eBook.) Users can purchase an eBook on diskette or CD, but the most popular method of getting an eBook is to purchase a downloadable file of the eBook (or other reading material) from a Web site (such as Barnes and Noble) to be read from the user's computer or reading device. Generally, an eBook can be downloaded in five minutes or less ......................................................................................................................... .............. Browse by Genre Available eBOOK .............................................................................................................................. Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, CookBOOK, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult, Crime, EBOOK, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, ......................................................................................................................... ......................................................................................................................... .....BEST SELLER FOR EBOOK RECOMMEND............................................................. ......................................................................................................................... Blowout: Corrupted Democracy, Rogue State Russia, and the Richest, Most Destructive Industry on Earth,-- The Ride of a Lifetime: Lessons Learned from 15 Years as CEO of the Walt Disney Company,-- Call Sign Chaos: Learning to Lead,-- StrengthsFinder 2.0,-- Stillness Is the Key,-- She Said: Breaking the Sexual Harassment Story THE Helped Ignite a Movement,-- Atomic Habits: An Easy & Proven Way to Build Good Habits & Break Bad Ones,-- Everything Is Figureoutable,-- What It Takes: Lessons in the Pursuit of Excellence,-- Rich Dad Poor Dad: What the Rich Teach Their Kids About Money THE the Poor and Middle Class Do Not!,-- The Total Money Makeover: Classic Edition: A Proven Plan for Financial Fitness,-- Shut Up and Listen!: Hard Business Truths THE Will Help You Succeed, ......................................................................................................................... .........................................................................................................................
       Responder 
    Tem certeza que deseja  Sim  Não
    Insira sua mensagem aqui
Exibir mais

[#openIQUII - Workshop] Mobile Development e Mobile Security

  1. 1. MOBILE Workshop Mobile Development Fabio Lalli CEO IQUII ! 26 Giugno 2014 Fabio CIOTOLI CTO IQUII
  2. 2. WELCOME
 #OPENIQUII
  3. 3. MERCATO Sviluppo security
  4. 4. mercato
  5. 5. Da dove iniziare?
  6. 6. framework o nativo?
  7. 7. che tipo di app?
  8. 8. Librerie
  9. 9. mobile security
  10. 10. DEVICE
  11. 11. NETWORK
  12. 12. DATA
  13. 13. 15Tips & tricks
  14. 14. dati •Non memorizzare dati sensibili •Master key cifrata con pass-phrase dell’utente •Algorimo robusto, es. PBKDF2 con molte iterazione (CPU consuming) •Memorizzarli temporaneamente in RAM 1
  15. 15. caching • Log • Crash • Cookies 2
  16. 16. parametri ! • Query String in log e cronologie • Utilizzare POST con CSFR Protection • Se necessario negoziare una chiave con il server (es. Diffie- Hellman) 3
  17. 17. ssl/tls • Man-in-the-middle attack possibile • Trusted root CA 4
  18. 18. Unique Identifier • Offuscare gli ID • Token con mapping server- side • RAM Attack sul backend 5
  19. 19. anti reverse • Utilizzare offuscatori • Objective C è riflessivo • Runtime attack 6
  20. 20. logica semplice • if (proUser == 1) • Con debug a basso livello (assembly) è facile intercettare i CBZ (compare-and- branch- on-zero) o CBNZ. • Considerare paradigmi più robusti 7
  21. 21. keyboard cache • Su iOS e Android vengono loggate le parole digitate • Disabilitare la correzione automatica sui TextField 8
  22. 22. snapshot • Per fornire animazione più fluide iOS esegue snapshot • Gestire il background dell’app 9
  23. 23. broadcast intent • Evitare ove possibile il broadcast intent • Anche specificando permessi, qualsiasi app potrebbe implementare gli stessi servizi dell’app ricevente 10
  24. 24. keychain • Il keychain è memorizzato in maniera cifrata nel backup itunes • È possibile decifrarlo • Impedisce il cambio di certificato 11
  25. 25. webview • Disabilitare javascript e plugin • Disabilitare accesso ai file locali • Prevenire il caricamento di contenuti da hosts di terze parti 12
  26. 26. ram • Non mantenere informazioni in RAM • Variabili null appena possibile 13
  27. 27. Delete file • File.delete() non sicuro • Sovrascrivere i file non funziona nel mobile • Assumere che ogni file può essere recuperato e memorizzarlo cifrato 14
  28. 28. in-app Purchases • Verificare ricevute tramite server • Non embeddare contenuti 15
  29. 29. Terrorizzati?
  30. 30. Prossimi eventi 23 Aprile – Mobile Marketing // Fabio Lalli – Fabio Ciotoli
 22 Maggio – Social Media Marketing // Tommaso Sorchiotti – Simone Cinelli 
 26 Giugno – Mobile Development // Fabio Ciotoli – Fabio Lalli 
 10 Luglio – Wearable // Fabio Lalli – Alessandro Prunesti 
 18 Settembre – Social Media Monitoring // Lorenzo Sfienti – Simone Cinelli 
 16 Ottobre – Personal and Executive branding // Tommaso Sorchiotti – Alessandro Prunesti ! 20 Novembre – Gamification // Fabio Lalli – Alessandro Prunesti 
 11 Dicembre – Innovazione // Fabio Lalli
  31. 31. NETWORKING time

×